DebuggerManager functions don't properly do bound checks, could lead to potential out-of-bounds read

EtSapientisMagna · January 20, 2023, 1:21pm

Reproduction Steps

System Information
Intel Core i9 9900K
16GB DDR5 RAM
Nvidia GeForce RTX 2080Ti

Any debugger functions that accept a stackIndex and stackFrame will only check if the passed number is under the amount of stack frames.

Multiple functions are affected

ScriptDebugger:GetGlobals
ScriptDebugger:GetLocals
ScriptDebugger:GetUpvalues
ScriptDebugger:SetGlobal
ScriptDebugger:SetLocal
ScriptDebugger:SetUpvalue

local debugger = DebuggerManager():AddDebugger(path.to.script) debugger:GetGlobals(math.huge)

local debugger = DebuggerManager():AddDebugger(path.to.script) debugger:GetLocals(0/0)

local debugger = DebuggerManager():AddDebugger(path.to.script) debugger:GetGlobals(-1)

local debugger = DebuggerManager():AddDebugger(path.to.script) debugger:SetGlobal(1, 1, -1)

local debugger = DebuggerManager():AddDebugger(path.to.script) debugger:GetUpvalues(2 ^ 32)

Expected Behavior

Roblox should not crash and throw an error

Actual Behavior

Roblox crashes

Issue Area: Studio
Issue Type: Crashing
Impact: Low
Frequency: Very Rarely

WheretIB · January 20, 2023, 2:12pm

Thank you for the report, I’m going to work on a fix for this.

WheretIB · February 2, 2023, 5:28pm

The fix for this issue is now live (in Roblox Studio version 561+)

system · February 16, 2023, 5:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.